|
 ABSTRACT
Honeypots have been traditionally used to advertise dark address space and gather information about originators of traffic to such addresses. With simple thresholding mechanisms this technique has shown itself to be fairly effective in identifying suspicious IP addresses. Honeypots are however unsuitable to locate the precise entry point of unwanted traffic. Tracing back to the origination of such traffic is hard due to the delay and difficulty of maintaining state along the path of such traffic. We propose a novel mobile honeypot mechanism that allows unwanted traffic to be detected significantly closer to the origin. The mobility in our scheme stems from additional information that is made available to the upstream ASes as well as the changes in the set of dark address space advertised. Sharing information with a network of friendly ASes has the potential to identify and significantly lower unwanted traffic on such links.
REFERENCES
Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.
| |
1
|
Lance Spitzner, "Honeypots: Definitions and Value of Honeypots." http://www.tracking-hackers.com/papers/honeypots.html.
|
| |
2
|
Shaheem Motlekar, "Honeypots: Frequently Asked Questions." http://www.tracking-hackers.com/misc/faq.html.
|
| |
3
|
David Moore, "Network Telescopes: Observing Small or Distant Security Events," August 2002. Usenix Security Symposium, www.caida.org/outreach/presentations/2002/usenix_sec/usenix_sec_2002_files/v3_document.html.
|
| |
4
|
"Hackbusters - Homepage." http://hackbusters.net.
|
| |
5
|
Vinod Yegneswaran and Paul Barford and Somesh Jha, "Global Intrusion Detection in the DOMINO Overlay System," in Proceedings of ISOC 2004, February 2004. http://www.cs.uwisc.edu/~barford/isoc04.ps.
|
| |
6
|
N. Provos, "Honeyd - A virtual honeypot daemon," in Proceeding of the 10th DFN-CERT Workshop, February 2003. http://www.cert.dfn.de/events/ws/2003/dfncert-ws2003-f1.zip.
|
| |
7
|
"KFSensor." http://www.keyfocus.net/kfsensor/.
|
| |
8
|
"Subscription via Multihop eBGP4." http://mail-abuse.org/rbl/usage.html#BGP.
|
| |
9
|
Geoffrey Goodell et al., "Working Around BGP: An Incremental Approach to Improving Security and Accuracy of Interdomain Routing," in 10th Annual Network and Distributed System Security Symposium, February 2003. www.eecs.umich.edu/~pdmcdan/docs/ndss03.pdf.
|
| |
10
|
Zesheng Chen and Lixin Gao and Kevin Kwiat, "Moeling the spread of Active Worms," in Proceedings of Infocom, March 2003. http://www.cs.umass.edu/~gao/paper/AAWP.pdf.
|
| |
11
|
A. Bligh, "Using a Well Known Community to mitigate the effects of a Denial of Service Attack," July 1999. http://www.merit.edu/mail.archives/nanog/1999-07/msg00083.html.
|
| |
12
|
Y. Rekhter and T. Li, "Border Gateway Protocol 4 (BGP-4)," RFC 1771, IETF, March 1995. http://www.rfc-editor.org/rfc/rfc1771.txt.
|
| |
13
|
Timothy G. Griffin, "An Introduction to Interdomain Routing and the Border Gateway Protocol (BGP)," November 2002. http://www.cambridge.intel-research.net/~tgriffin/talks_tutorials/tutorials/icnp2002/.
|
| |
14
|
R. Chandra and P. Traina and T. Li, "BGP Communities Attribute," RFC 1997, IETF, August 1996. http://www.rfc-editor.org/rfc/rfc1997.txt.
|
| |
15
|
S. Agarwal and T. G. Griffin, "BGP Proxy Community Community," January 2004. http://www.ietf.org/internet-drafts/draft-agarwal-bgp-proxy-community-00.txt.
|
| |
16
|
A. Lange, "Flexible BGP Communities," March 2004. http://www.ietf.org/internet-drafts/draft-lange-flexible-bgp-communities-02.txt.
|
| |
17
|
"BGP Policy Accounting." http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a00800ad90a.html.
|
| |
18
|
S. Convery and D. Cook and M. Franz, "An Attack Tree for the Border Gateway Protocol," September 2003. http://www.ietf.org/internet-drafts/draft-convery-bgpattack-01.txt.
|
| |
19
|
Joseph Corey, "Local Honeypot Identification." http://www.phrack.org/fakes/p62/p62-0x07.txt.
|
| |
20
|
"Send-Safe Honeypot Hunter." http://www.send-safe.com/honeypot-hunter.php.
|
| |
21
|
Jens Knoell, "Honeypots: Using specialized honeypots to build up-to-date spam blacklists?," September 2003. http://seclists.org/lists/honeypots/2003/Jul-Sep/0254.html.
|
| |
22
|
R. Thomas, "Tracking Spoofed IP Addresses Version 2.0." www.cymru.com/Documents/tracking-spoofed.html.
|
| |
23
|
"Cisco Express Forwarding (CEF)." http://www.cisco.com/warp/public/cc/pd/iosw/iore/tech/cef_wp.htm.
|
| |
24
|
D. Turk, "Configuring BGP to Block Denial-of-Service Attacks," March 2004. http://www.ietf.org/internet-drafts/draft-turk-bgp-dos-06.txt.
|
| |
25
|
B. Weis, "Secure Origin BGP (soBGP) Certificates," October 2003. http://www.ietf.org/internet-drafts/draft-weis-sobgp-certificates-01.txt.
|
| |
26
|
Nick Weaver, "Wormholes and honeyfarm," in WIP session: Usenix Security Symposium, 2003. http://www.ieee-security.org/Cipher/ConfReports/2003/CR2003-USENIX.html.
|
| |
27
|
"Know Your Enemy: GenII Honeynets." www.linuxvoodoo.net/resources/security/gen2/.
|
CITED BY 5
|
|
|
|
|
Mauro Andreolini , Alessandro Bulgarelli , Michele Colajanni , Francesca Mazzoni, HoneySpam: honeypots fighting spam at the source, Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop, p.11-11, July 07, 2005, Cambridge, MA
|
|
|
Mark Allman , Paul Barford , Balachander Krishnamurthy , Jia Wang, Tracking the role of adversaries in measuring unwanted traffic, Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet, p.6-6, July 07, 2006, San Jose, CA
|
|
|
|
|
|
|
|
Adobe Acrobat
QuickTime
Windows Media Player
Real Player
Pdf
C.2